Glance logs password hashes in swift URLs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Glance |
Fix Released
|
Undecided
|
Nikhil Komawar | ||
Icehouse |
New
|
Undecided
|
Unassigned |
Bug Description
Example:
2014-07-25 20:03:36.346 780 DEBUG glance.
We've found that the following regex will catch all of the password hashes:
r"(swift|
Since it's a debug-level log message, we can avoid leaking sensitive data by turning off debug logging, but we often find ourselves needing the debug logs to diagnose issues. We'd like to fix this problem at the source by sanitizing our the password hashes.
Changed in glance: | |
status: | New → Confirmed |
Changed in glance: | |
assignee: | nobody → Hemanth Makkapati (hemanth-makkapati) |
Changed in glance: | |
assignee: | Hemanth Makkapati (hemanth-makkapati) → nobody |
Changed in glance: | |
assignee: | nobody → nikhil komawar (nikhil-komawar) |
tags: | added: icehouse-backport-potential |
Changed in glance: | |
milestone: | none → juno-3 |
status: | Fix Committed → Fix Released |
Changed in glance: | |
milestone: | juno-3 → 2014.2 |
Related to https:/ /bugs.launchpad .net/glance/ +bug/1275062?